Configuring Microsoft Windows IP Security to Operate with HP-UX IPSec

Tunnel Settings
The tunnel settings specify if the rule is a tunnel rule. If it is a tunnel rule, the settings
also specify the tunnel destination endpoint.
Connection Type
The connection type specifies the connection (link) types for the rule, such as LAN.
General
The general parameters for a policy specify IKE SA parameters, such as the IKE encryption
algorithm, IKE hash (integrity algorithm), Diffie-Hellman Group, and IKE SA key lifetimes.
The parameters correspond to IKE SA proposals. You can configure multiple IKE SA
proposals and specify the preference order. The proposals are used for all rules in the policy.
By comparison, a minimal HP-UX IPSec configuration consists of one or more IPsec host policies,
one or more IKE policies, and one or more authentication records. The IPsec host policies specify
address filters, and you can configure separate IKE policies for each peer. “Comparing HP-UX
and Windows IPsec Configuration Parameters” (page 40) lists IPsec configuration parameters
and how they are configured in the HP-UX IPSec and the Windows IP Security configuration
utilities.
Configuring a Windows Host-to-Host Policy
This section describes one method for configuring a host-to-host policy on a Windows XP client
using the IP Security Policies snap-in utility. Windows also supports command-line utilities to
configure IP Security policies: ipseccmd on Windows XP systems and netsh on Windows 2003
systems. For more information about these utilities, see the Windows documentation set.
To use this method, complete the following steps:
1. Start the IP Security Policies snap-in utility. See “Step 1: Starting the IP Security Policies
Snap-in Configuration Utility” (page 15).
2. Create an IP Security policy. See “Step 2: Creating a Policy” (page 15).
3. Add a rule to the policy. See “Step 3: Adding a Rule” (page 16).
4. Create a Filter List for the rule and configure filters. See “Step 4: Creating the IP Filter List
and Filters for the Rule” (page 18).
5. Configure filter actions for the rule. The filter actions contain IPsec transforms or other
actions. See “Step 5: Configuring Filter Actions for the Rule” (page 21).
6. Configure the IKE authentication method and preshared key for the rule. See “Step 6:
Configuring the IKE Authentication Method and Preshared Key for the Rule” (page 25).
7. Specify the network link (connection) types for the rule. See “Step 7: Configuring the
Connection Type for the Rule” (page 26).
8. Modify the IKE SA parameters for the policy. By default, Windows clients will use IKE SA
parameters that are compatible with the default HP-UX IPSec parameters. If these parameters
are acceptable, you can skip this step. See “Step 8: Modifying IKE Parameters for the Policy”
(page 26).
9. Start the IP Security service. The IP Security service must be running before you can assign
the new IP Security policy. See “Step 9: Starting the IP Security Service” (page 29).
10. Assign (activate) the new IP Security Policy. See “Step 10: Assigning the IP Security Policy”
(page 30).
11. Verify the configuration. See “Step 11: Verifying the Configuration” (page 31).
Because this is a host-to-host rule, we will use the default value for the rule tunnel setting (no
tunnel). For information about configuring a tunnel rule and the tunnel setting, see “Configuring
a Windows End-to-End Tunnel Policy” (page 33).
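The same steps can be scripted with netsh, which this section names as the command-line utility on Windows 2003 systems. The batch script below is an added example, not taken from this guide. The policy, filter list, filter action and rule names, the peer address 192.0.2.10, the preshared key placeholder and the ESP transform are assumptions, and must be replaced with values that match the HP-UX peer.

```bat
@echo off
rem Added example (not from the HP guide): netsh equivalent of steps 2-11
rem for a host-to-host rule on Windows 2003. Every value below is a placeholder.
setlocal
set "PEER=192.0.2.10"
set "PSK=REPLACE-WITH-PRESHARED-KEY"
set "POLICY=hpux-h2h-policy"
set "FLIST=hpux-h2h-filters"
set "FACTION=hpux-h2h-esp"
set "RULE=hpux-h2h-rule"

rem Step 9: the IP Security service (PolicyAgent) must be running before assignment.
sc query PolicyAgent | find "RUNNING" >nul || net start PolicyAgent

rem Step 2: create the policy, left unassigned until the rule is complete.
netsh ipsec static add policy name="%POLICY%" assign=no

rem Step 8 is skipped: the default IKE SA parameters are kept, as the guide allows.

rem Step 4: filter list with one mirrored filter between this host and the peer.
netsh ipsec static add filterlist name="%FLIST%"
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=me dstaddr=%PEER% protocol=ANY mirrored=yes

rem Step 5: filter action that negotiates IPsec. soft=no and inpass=no prevent
rem fallback to cleartext. The ESP transform is an assumption; match the peer.
netsh ipsec static add filteraction name="%FACTION%" action=negotiate inpass=no soft=no qmsecmethods="ESP[3DES,SHA1]"

rem Steps 3, 6 and 7: add the rule with preshared-key authentication and the LAN
rem connection type. No tunnel= argument, so the rule uses the default (no tunnel).
netsh ipsec static add rule name="%RULE%" policy="%POLICY%" filterlist="%FLIST%" filteraction="%FACTION%" conntype=lan psk="%PSK%"

rem Step 10: assign (activate) the policy.
netsh ipsec static set policy name="%POLICY%" assign=yes

rem Step 11: review the stored policy, then list IKE and IPsec SAs.
rem SAs are listed only after traffic to the peer has triggered negotiation.
netsh ipsec static show policy name="%POLICY%" level=verbose
netsh ipsec dynamic show mmsas all
netsh ipsec dynamic show qmsas all
endlocal
```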